# openssl command-line HOWTO
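- 버전 확인 (아래 출력의 OpenSSL 0.9.8b는 2006년 5월 릴리스이고 0.9.8 계열은 이미 지원이 종료되었다. 운영 서버에서는 지원 중인 버전이 설치되어 있는지 이 명령으로 먼저 확인한다.)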
[root@test1 ~]# openssl version -a
OpenSSL 0.9.8b 04 May 2006
built on: Sat Jun 14 19:32:53 EDT 2008
platform: linux-elf
options: bn(64,32) md2(int) rc4(idx,int) des(ptr,risc1,16,long) blowfish(idx)
compiler: gcc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS
-D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DKRB5_MIT
-I/usr/kerberos/include -DL_ENDIAN -DTERMIO -Wall -O2 -g -pipe -Wall
-Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector
--param=ssp-buffer-size=4 -m32 -march=i686 -mtune=generic
-fasynchronous-unwind-tables -Wa,--noexecstack
-DOPENSSL_BN_ASM_PART_WORDS -DOPENSSL_IA32_SSE2 -DSHA1_ASM -DMD5_ASM
-DRMD160_ASM -DAES_ASM
OPENSSLDIR: "/etc/pki/tls"
engines: dynamic padlock
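- 시스템 성능 benchmark
(원문의 benchmark 명령과 출력은 게시판의 이메일 주소 가림 처리 과정에서 유실된 것으로 보인다.)
- 자체 서명(self-signed) 인증서 생성
(주의: 아래 예제의 rsa:1024는 현재 기준으로 너무 짧은 키 길이이므로 실제로 사용할 때는 2048비트 이상을 지정한다. -nodes는 개인키를 암호화하지 않고 저장한다. 또 -keyout과 -out이 같은 파일이어서 mycert1.pem 안에 개인키와 인증서가 함께 들어가므로, 파일 권한을 소유자 전용으로 제한하고 이 파일을 그대로 인증서로 배포하지 않는다.)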
[root@test1 ~]# openssl req -x509 -nodes -days 365 -subj
'/C=KR/ST=Seoul/L=Seoul/CN=www.xxx.xxx' -newkey rsa:1024 -keyout
mycert1.pem -out mycert1.pem
Generating a 1024 bit RSA private key
.....................++++++
...........................................++++++
writing new private key to 'mycert1.pem'
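- 인증서 발급을 받기 위한 인증서 서명 요청(CSR) 생성
(원문의 첫 번째 명령 줄은 게시판의 이메일 주소 가림 처리로 유실된 것으로 보이며, 바로 아래 네 줄은 openssl req가 대화식으로 묻는 추가 속성 프롬프트이다. 그 아래 예제는 -subj로 주체(DN)를 명령 줄에서 지정해 대화식 입력 없이 키와 요청을 만든다. CA에 제출하는 것은 요청 파일 myreq1.pem뿐이고 개인키 mykey1.pem은 서버 밖으로 내보내지 않는다. 여기서도 rsa:1024 대신 2048비트 이상을 쓰고, -nodes로 암호화 없이 저장된 개인키는 파일 권한으로 보호한다.)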
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@test1 ~]# openssl req -new -newkey rsa:1024 -nodes -subj
'/CN=www.xxx.xxx/O=My Dom,Inc./C=US/ST=Oregon/L=KOREA' -keyout
mykey1.pem -out myreq1.pem
Generating a 1024 bit RSA private key
........++++++
...++++++
writing new private key to 'mykey1.pem'
-----
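- signature, information 확인
(STARTTLS로 SMTP 서버에 접속해 서버가 제시하는 인증서 체인을 출력한다. 아래 출력의 verify error:num=19는 체인의 루트 인증서가 로컬 신뢰 저장소에서 확인되지 않았다는 뜻이다. s_client는 검증에 실패해도 기본적으로 연결을 계속하므로 이 출력만으로 서버 신원이 검증된 것은 아니다. 검증까지 하려면 -CAfile 또는 -CApath로 신뢰할 CA를 지정하고 verify 결과를 확인한다.)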
[root@test1 ~]# openssl s_client -connect smtp2.google.com:25 -starttls smtp
CONNECTED(00000003)
depth=1 /C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailAddress=premium-*** 개인정보보호를 위한 이메일주소 노출방지 ***
verify error:num=19:self signed certificate in certificate chain
verify return:0
---
Certificate chain
0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp2.google.com
i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailAddress=premium-*** 개인정보보호를 위한 이메일주소 노출방지 ***
1 s:/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services
Division/CN=Thawte Premium Server
CA/emailAddress=premium-*** 개인정보보호를 위한 이메일주소 노출방지 ***
i:/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services
Division/CN=Thawte Premium Server
CA/emailAddress=premium-*** 개인정보보호를 위한 이메일주소 노출방지 ***
---
Server certificate
-----BEGIN CERTIFICATE-----
(인증서 본문 생략)
-----END CERTIFICATE-----
subject=/C=US/ST=California/L=Mountain View/O=Google Inc/CN=smtp2.google.com
issuer=/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting
cc/OU=Certification Services Division/CN=Thawte Premium Server
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=US/O=Digital Signature Trust Co./OU=DST (ANX Network) CA
/C=US/O=American Express Company, Inc./OU=American Express Technologies/CN=American Express Certificate Authority
/C=US/O=American Express Company, Inc./OU=American Express Technologies/CN=American Express Global Certificate Authority
/C=BE/L=Brussels/O=BelSign NV/OU=BelSign Object Publishing Certificate
Authority/CN=BelSign Object Publishing
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=BE/L=Brussels/O=BelSign
NV/OU=BelSign Secure Server Certificate Authority/CN=BelSign Secure
Server CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=US/O=Digital Signature Trust Co./OU=DST-Entrust GTI CA
/O=Entrust.net/OU=www.entrust.net/CPS_2048 incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Certification
Authority (2048)
/C=US/O=Entrust.net/OU=www.entrust.net/Client_CA_Info/CPS incorp. by
ref. limits liab./OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Client
Certification Authority
/C=US/O=Entrust.net/OU=www.entrust.net/CPS incorp. by ref. (limits
liab.)/OU=(c) 1999 Entrust.net Limited/CN=Entrust.net Secure Server
Certification Authority
/C=US/O=Equifax/OU=Equifax Premium Certificate Authority
/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Global Root
/C=JP/O=CyberTrust Japan, Inc./CN=CyberTrust JAPAN Root CA
/C=JP/O=CyberTrust Japan, Inc./CN=CyberTrust JAPAN Secure Server CA
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root 2
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root 3
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root 4
/C=US/O=GTE Corporation/OU=GTE CyberTrust Solutions, Inc./CN=GTE CyberTrust Root 5
/C=US/O=GTE Corporation/CN=GTE CyberTrust Root
/C=BE/O=GlobalSign nv-sa/OU=Partners CA/CN=GlobalSign Partners CA
/C=BE/O=GlobalSign nv-sa/OU=Primary Class 1 CA/CN=GlobalSign Primary Class 1 CA
/C=BE/O=GlobalSign nv-sa/OU=Primary Class 2 CA/CN=GlobalSign Primary Class 2 CA
/C=BE/O=GlobalSign nv-sa/OU=Primary Class 3 CA/CN=GlobalSign Primary Class 3 CA
/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
/C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust
Co./OU=National Retail Federation/CN=DST (NRF)
RootCA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data
Networks GmbH/OU=TC TrustCenter Class 0
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data
Networks GmbH/OU=TC TrustCenter Class 1
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data
Networks GmbH/OU=TC TrustCenter Class 2
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data
Networks GmbH/OU=TC TrustCenter Class 3
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=DE/ST=Hamburg/L=Hamburg/O=TC TrustCenter for Security in Data
Networks GmbH/OU=TC TrustCenter Class 4
CA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Basic
CA/emailAddress=personal-*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Freemail
CA/emailAddress=personal-*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting/OU=Certification Services
Division/CN=Thawte Personal Premium
CA/emailAddress=personal-*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services
Division/CN=Thawte Premium Server
CA/emailAddress=premium-*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=ZA/ST=Western
Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services
Division/CN=Thawte Server CA/emailAddress=server-*** 개인정보보호를 위한 이메일주소 노출방지 ***
/O=Thawte/OU=Thawte Universal CA Root/CN=Thawte Universal CA Root
/C=us/ST=Utah/L=Salt Lake City/O=Digital Signature Trust Co./OU=United
Parcel Service/CN=DST (UPS) RootCA/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 1
Policy Validation
Authority/CN=http://www.valicert.com//emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 2
Policy Validation
Authority/CN=http://www.valicert.com//emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/L=ValiCert Validation Network/O=ValiCert, Inc./OU=ValiCert Class 3
Policy Validation
Authority/CN=http://www.valicert.com//emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 1 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign
Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use
only/CN=VeriSign Class 1 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign
Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use
only/CN=VeriSign Class 2 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority
/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign
Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use
only/CN=VeriSign Class 3 Public Primary Certification Authority - G3
/C=US/O=VeriSign, Inc./OU=Class 4 Public Primary Certification
Authority - G2/OU=(c) 1998 VeriSign, Inc. - For authorized use
only/OU=VeriSign Trust Network
/C=US/O=VeriSign, Inc./OU=VeriSign
Trust Network/OU=(c) 1999 VeriSign, Inc. - For authorized use
only/CN=VeriSign Class 4 Public Primary Certification Authority - G3
/C=US/O=RSA Data Security, Inc./OU=Commercial Certification Authority
/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
/C=US/ST=North Carolina/L=Research Triangle Park/O=Red Hat,
Inc./OU=Red Hat Network Services/CN=RHNS Certificate
Authority/emailAddress=*** 개인정보보호를 위한 이메일주소 노출방지 ***
/C=US/ST=North
Carolina/L=Raleigh/O=Red Hat, Inc./OU=Red Hat Network/CN=RHN Certificate
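Authority/emailAddress=(주소 유실)
- DSA 파라미터/키 생성 (1024비트 DSA는 현재 기준으로 취약하므로 예제로만 보고, 새 키는 더 긴 길이나 다른 알고리즘으로 만든다. -genkey로 만든 dsakey.pem에는 암호화되지 않은 개인키가 들어가므로 파일 권한으로 보호한다.)
[root@test1 ~]# openssl dsaparam -noout -out dsakey.pem -genkey 1024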
Generating DSA parameters, 1024 bit long prime
This could take some time
........+++++++++++++++++++++++++++++++++++++++++++++++++++*
+..+.....+........+.+.....+.......................+....................+.....................+..................+........+..............+........+...+..............+.....+.+............+........+................+.........+...+..........................+.+....+.........+...+.+...........+..+++++++++++++++++++++++++++++++++++++++++++++++++++*
[root@test1 ~]# openssl dsaparam -out dsaparam.pem 1024
Generating DSA parameters, 1024 bit long prime
This could take some time
....+......+++++++++++++++++++++++++++++++++++++++++++++++++++*
.................+..+........+.+......+.+......+....+.........................................+......+.....+....................+..+.............+.+...+....+..+.+.....+....................+.............................+..............+..+..+..+.....+...+...........+.......+....+......+.....+.....+++++++++++++++++++++++++++++++++++++++++++++++++++*
[root@test1 ~]# openssl rand -out random-data.bin 1024